Author Topic: Virus Found  (Read 1176 times)

natro charlo
Virus Found
« on: March 17, 2008, 10:36:16 PM »
It has been giving me lots of pop-ups... I found an MS.pfx file or something in my Windows folder and deleted it, and I don't remember its exact name. Also, when I restart, when my desktop first comes up I get an error "failed to load c:\windows\system32\rigwejfu.dll", saying it can't be found....

Here is my HijackThis log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:29 PM, on 3/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\??curity\m?config.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM5322dda7] Rundll32.exe "C:\WINDOWS\System32\vtlcpmfh.dll",s
O4 - HKCU\..\Run: [Ntur] "C:\WINDOWS\System32\ECURIT~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Lcscugtf] "C:\Program Files\??curity\m?config.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4530 bytes
« Last Edit: March 17, 2008, 10:54:41 PM by natro charlo »

guestolo
Virus Found
« Reply #1 on: March 18, 2008, 08:14:50 AM »
Can you do the following, please:

Supply an uninstall list from HijackThis:
Open HijackThis >> Open MISC TOOLS SECTION >> Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy and paste the whole contents back here

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


natro charlo
Virus Found
« Reply #2 on: March 18, 2008, 01:03:50 PM »
When I try to click the Save List option in the Uninstall Manager, HijackThis just simply exits and it doesn't save anything. Should I write the list manually?

Also, today when I booted my computer I got two messages: the one I wrote about first, up there, and then also another one telling me that there is no disk in drive A: insert disk to continue.
« Last Edit: March 18, 2008, 01:09:03 PM by natro charlo »

natro charlo
Virus Found
« Reply #3 on: March 18, 2008, 04:10:54 PM »

Un-Install List

Ad-Aware 2007  
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0
Adobe Shockwave Player
Ahead Nero 6 Demo
Alt-Tab Switcher Powertoy for Windows XP
AOL Instant Messenger
ATI Display Driver
avast! Antivirus
AVG 7.5
DAEMON Tools
DeadAIM
Diablo II
DivX Codec
Google Earth
Google Updater
HijackThis 2.0.2
Java(tm) 6 Update 4
Limewire PRO 4.17.1
Live Update 1.7(Symantec Corporation)
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead Patch
Monopoly
Mozilla Firefox (2.0.0.12)
Outerinfo
PowerDVD Ultra
Quake III Arena
Symantec Antivirus Client
TweakNow RegCleaner Standard
Viewpoint Media Player
Winamp
Windows Media Format Runtime
WinRAR archiver

guestolo
Virus Found
« Reply #4 on: March 18, 2008, 10:14:06 PM »
Can you do the following, please:
Access Add and Remove Programs from Control Panel

You have more than one active antivirus product installed.
This is not a good thing; more than one can cause conflicts and slow the system down dramatically.
Decide, out of all the following,

avast! Antivirus
AVG 7.5
Symantec Antivirus Client


which one you like the best; keep the one you're happiest with and uninstall the other 2.

Reboot the computer between removals.

Afterwards, go back to Add/remove programs and remove the following
Viewpoint Media Player


Finally remove Outerinfo
It's important that you reboot the computer after removal

Back in windows
Download this file - Combofix.exe and save it ONLY to your desktop

Whatever antivirus software you decided to keep,
disable it temporarily so it won't interfere with this next fix.


Double-click combofix.exe & follow the prompts.
When finished, it will produce a log for you.
By default it saves a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Back in Windows

Post back the following:

1. Post the log from Combofix
2. Post a fresh hijackthis log



natro charlo
Virus Found
« Reply #5 on: March 19, 2008, 02:00:28 PM »
Computer is running better already. I really appreciate the help...

HIJACK THIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14, on 3/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FFB00B3-AC14-4769-9E72-DA94E4E3824B} - C:\WINDOWS\System32\gebyx.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {506b188a-a119-10c9-6ca4-cd71397a55dc} - {cd55a793-17dc-4ac6-9c01-911aa881b605} - C:\WINDOWS\System32\caaobijq.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O20 - Winlogon Notify: ddcccbx - ddcccbx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4670 bytes



COMBOFIX LOG



ComboFix 08-03-18.1 - Administrator 2008-03-19 14:57:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1252.1.1033.18.178 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\curity~1
C:\WINDOWS\BM5322dda7.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\iwxiwwvh.dll
C:\WINDOWS\system32\urqqrsq.dll
C:\WINDOWS\system32\vpcaaewo.dll
C:\WINDOWS\system32\xgbksxob.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2

.
(((((((((((((((((((((((((   Files Created from 2008-02-19 to 2008-03-19  )))))))))))))))))))))))))))))))
.

2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-03-18 22:13 . 2008-03-19 14:07   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-18 22:09 . 2008-03-18 22:12   <DIR>   d--------   C:\Program Files\Yahoo!
2008-03-17 14:54 . 2008-03-17 22:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 14:53 . 2008-03-17 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-03-17 14:42 . 2008-03-17 14:42   <DIR>   d--------   C:\Program Files\Alwil Software
2008-03-17 14:42 . 2003-03-18 15:20   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2008-03-17 14:22 . 2008-03-17 14:22   <DIR>   d--------   C:\WINDOWS\Sun
2008-03-17 12:23 . 2008-03-17 12:23   294   --ahs----   C:\WINDOWS\system32\ufjewgir.ini
2008-03-16 12:22 . 2008-03-16 12:27   414   --ahs----   C:\WINDOWS\system32\lhtrywxh.ini
2008-03-16 12:21 . 2008-03-16 12:21   63   --a------   C:\WINDOWS\system32\5011fcb5
2008-03-16 12:13 . 2008-03-16 12:13   37,376   --a------   C:\WINDOWS\mrofinu572.exe
2008-03-13 13:26 . 2008-03-13 13:26   <DIR>   d--------   C:\Program Files\Hasbro Interactive
2008-03-13 13:26 . 1999-12-09 13:17   755,200   --a------   C:\WINDOWS\system32\Ir50_32.dll
2008-03-13 13:26 . 1999-12-09 13:18   239,616   --a------   C:\WINDOWS\system32\Hdk3ctnt.dll
2008-03-13 13:26 . 1999-12-09 13:17   199,680   --a------   C:\WINDOWS\system32\iac25_32.ax
2008-03-13 13:26 . 2008-03-13 13:27   405   --a------   C:\WINDOWS\PowerReg.dat
2008-03-05 18:49 . 2008-03-05 18:49   <DIR>   d--------   C:\Program Files\Lavasoft
2008-03-05 18:48 . 2008-03-05 18:48   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 22:50 . 2008-03-04 22:53   <DIR>   d--------   C:\Program Files\Google
2008-03-04 22:50 . 2008-03-19 03:57   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-28 22:28 . 2008-02-28 22:28   <DIR>   d--------   C:\Program Files\Mplayer
2008-02-28 22:26 . 2008-02-28 22:26   <DIR>   d--------   C:\Program Files\Quake III Arena
2008-02-28 14:15 . 2008-02-28 22:28   871   --a------   C:\WINDOWS\QIII.INI
2008-02-28 05:38 . 2008-02-28 05:38   0   --a------   C:\WINDOWS\nsreg.dat
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-27 19:33 . 2008-02-27 19:33   <DIR>   d--------   C:\WINDOWS\LogFiles
2008-02-27 19:03 . 2008-02-27 19:03   <DIR>   d--------   C:\Program Files\Common Files\INCA Shared
2008-02-27 19:03 . 2003-07-20 22:17   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-02-27 19:03 . 2005-01-04 13:43   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-02-26 16:41 . 2008-03-05 18:49   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 02:10 . 2008-02-26 02:10   <DIR>   d--------   C:\Documents and Settings\Administrator\WINDOWS
2008-02-26 02:10 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-02-26 01:47 . 2008-02-27 20:41   <DIR>   d--------   C:\Program Files\Diablo II backup
2008-02-25 19:07 . 2008-02-25 19:07   94,208   --a------   C:\WINDOWS\DIIUnin.exe
2008-02-25 19:07 . 2008-02-26 02:01   35,535   --a------   C:\WINDOWS\DIIUnin.dat
2008-02-25 19:07 . 2008-02-25 19:07   2,829   --a------   C:\WINDOWS\DIIUnin.pif
2008-02-25 18:57 . 2008-03-18 18:19   <DIR>   d--------   C:\Program Files\Diablo II
2008-02-25 17:35 . 2008-02-25 17:35   <DIR>   d--------   C:\Program Files\D-Tools
2008-02-25 17:35 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-25 17:35 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-25 16:19 . 2008-02-26 01:50   21,840   --a----t-   C:\WINDOWS\system32\SIntfNT.dll
2008-02-25 16:19 . 2008-02-26 01:50   17,212   --a----t-   C:\WINDOWS\system32\SIntf32.dll
2008-02-25 16:19 . 2008-02-26 01:50   12,067   --a----t-   C:\WINDOWS\system32\SIntf16.dll
2008-02-25 03:50 . 2005-04-15 19:58   1,071,088   --a------   C:\WINDOWS\system32\MSCOMCTL.OCX
2008-02-25 03:50 . 2004-03-09 16:45   662,288   --a------   C:\WINDOWS\system32\MSCOMCT2.OCX
2008-02-25 03:50 . 2004-06-14 14:56   427,864   --a------   C:\WINDOWS\system32\XceedZip.dll
2008-02-25 03:33 . 2008-02-25 03:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-02-25 03:31 . 2008-03-16 15:04   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-02-25 03:31 . 2008-02-25 03:34   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-25 03:29 . 2008-02-25 03:28   505,392   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-02-25 03:28 . 2008-02-25 03:31   <DIR>   d--------   C:\Program Files\CyberLink
2008-02-24 23:37 . 2008-02-24 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-24 23:36 . 2008-02-24 23:37   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-02-24 23:29 . 2008-02-24 23:29   685,816   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\DNA
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\BitTorrent
2008-02-24 23:23 . 2008-03-16 12:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DNA
2008-02-24 23:23 . 2008-03-18 21:30   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-02-24 21:22 . 2008-02-24 21:35   <DIR>   d--------   C:\Program Files\Videos
2008-02-24 21:20 . 2008-02-24 21:20   <DIR>   d--------   C:\Program Files\TweakNow RegCleaner Std
2008-02-24 21:18 . 2008-03-10 17:58   <DIR>   d--------   C:\Program Files\Downloaded Programs
2008-02-24 21:00 . 2008-02-24 21:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Ahead
2008-02-24 19:22 . 2008-02-24 19:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-02-24 19:21 . 2008-02-24 19:21   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Program Files\Winamp
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Winamp
2008-02-24 17:39 . 2008-02-25 19:18   <DIR>   d--------   C:\Program Files\torrents
2008-02-24 16:40 . 2008-03-10 21:46   <DIR>   d--------   C:\Program Files\Incomplete
2008-02-24 16:39 . 2008-03-17 14:50   <DIR>   d--------   C:\Program Files\Media
2008-02-24 16:37 . 2008-03-10 21:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-24 16:31 . 2007-12-14 01:59   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-02-24 16:30 . 2008-02-24 16:31   <DIR>   d--------   C:\Program Files\Java
2008-02-24 16:28 . 2008-02-24 16:28   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-02-24 16:27 . 2008-02-24 18:16   <DIR>   d--------   C:\Program Files\LimeWire
2008-02-24 15:27 . 2008-02-24 15:27   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Aim
2008-02-24 15:25 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Viewpoint
2008-02-24 15:25 . 2008-02-24 15:25   <DIR>   d--------   C:\Program Files\AOD
2008-02-24 15:25 . 2008-02-26 02:27   <DIR>   d--------   C:\Program Files\AIM
2008-02-24 15:25 . 2004-02-25 13:05   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-02-24 15:11 . 2007-07-30 19:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-02-24 15:11 . 2007-07-30 19:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-02-24 15:11 . 2007-07-30 19:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-02-24 15:11 . 2007-07-30 19:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-02-24 15:11 . 2007-07-30 19:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a------   C:\WINDOWS\system32\drivers\ac97intc.sys
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a--c---   C:\WINDOWS\system32\dllcache\ac97intc.sys
2008-02-23 10:19 . 2008-02-23 10:19   <DIR>   d---s----   C:\Documents and Settings\Administrator\UserData
2008-02-22 17:09 . 2008-02-22 17:09   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-02-22 17:02 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Symantec
2008-02-22 17:02 . 2008-03-19 14:41   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-02-22 17:02 . 2008-02-22 17:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:52   12,464   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-22 16:53   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-02-22 16:52   558,142   ----a-w   C:\WINDOWS\java\Packages\JBP37BB7.ZIP
2008-02-22 16:52   155,995   ----a-w   C:\WINDOWS\java\Packages\MSA8BHJD.ZIP
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FFB00B3-AC14-4769-9E72-DA94E4E3824B}]
         C:\WINDOWS\System32\gebyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd55a793-17dc-4ac6-9c01-911aa881b605}]
         C:\WINDOWS\System32\caaobijq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 12:30 45632]
"5011ee3b"="C:\WINDOWS\System32\rigwejfu.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 15:27 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 14:53 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcccbx]
ddcccbx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5011ee3b]
C:\WINDOWS\System32\hxwyrthl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-16 19:20 91432 C:\Program Files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-12 20:13 287040 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5322dda7]
C:\WINDOWS\System32\vpcaaewo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-02-28 12:12 144896 C:\Program Files\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 09:35 72736 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 15:00:56
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-03-19 15:03:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-19 20:03:09

guestolo
Virus Found
« Reply #6 on: March 19, 2008, 06:15:39 PM »
==Open Notepad
Copy ALL the text below (from the File:: line to the last Registry line) and paste it into Notepad
Don't use anything other than Notepad or the script will not work

File::
C:\WINDOWS\system32\ufjewgir.ini
C:\WINDOWS\system32\lhtrywxh.ini
C:\WINDOWS\system32\5011fcb5
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\System32\rigwejfu.dll
C:\WINDOWS\System32\hxwyrthl.dll
C:\WINDOWS\System32\vpcaaewo.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcccbx]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FFB00B3-AC14-4769-9E72-DA94E4E3824B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd55a793-17dc-4ac6-9c01-911aa881b605}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5011ee3b"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5011ee3b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5322dda7]

Save this as a text file on your desktop with the name
CFScript

Disable your antivirus software temporarily so it won't interfere with the next fix


Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When finished, it will produce a log for you with the name C:\ComboFix.txt.
I'll need to see that log again later

Back in Windows
Download ATF-Cleaner by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

========================================

Again, temporarily disable your AntiVirus software
Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
At the 'END USER SOFTWARE LICENSE AGREEMENT' select 'I agree'.
You'll be prompted to install the activex control,please do so.
Once installed,disable your current antivirus program if one is installed, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All', then copy

Post back the following to the forum

1. Post the report from the BitDefender scan
2. Post the log from combofix>>C:\ComboFix.txt
3. Run a fresh scan>save logfile with Hijackthis and post it too


NOTE: It may take more than one reply to post all the above info, please do so if needed
« Last Edit: March 19, 2008, 09:23:03 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus Found
« Reply #7 on: March 19, 2008, 09:22:46 PM »
Add the following
I saw you online and was editing my response with CFScript.txt at the same time.

Continue with the last set of instructions
I edited the following line

Quote
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5011ee3b"=-

It is the reason for this
Quote
i get an error failed to load c:\windows\system32/rigwejfu.dll

I forgot the lead-in bracket, but have fixed it now
DON'T worry about redoing that set of instructions if you have already started
We'll deal with it AFTER you post the fresh logs
Not to worry :)

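The point guestolo makes above is worth seeing mechanically: a Run value that still names a DLL which has since been removed is exactly what produces the "failed to load rigwejfu.dll" error at logon, and the CFScript line that deletes it only works when it sits under its [Key] header. The script below is an added example, not code from this thread or from HijackThis/ComboFix: it parses HijackThis O4 lines, flags rundll32 autoruns whose DLL is absent from disk (or whose value name is eight hex digits, a constructed heuristic for machine-generated names), and emits the matching REGEDIT4 deletion fragment. The sample log lines and the set of files assumed present on disk are constructed so it runs offline; pass present=None to check the real filesystem.

```python
"""Audit HKLM Run autoruns from a HijackThis log for orphaned rundll32 loaders
and emit the CFScript (REGEDIT4) lines that would delete them.

Added example, not code from the thread or from HijackThis/ComboFix. The log
lines, the set of files assumed present on disk and the "8 hex digits" name
heuristic are constructed for this demonstration.
"""
import os
import re

# HijackThis O4 line: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.*)$'
)
# Command lines that hand a DLL to rundll32: rundll32.exe "C:\path\x.dll",entry
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# Machine-generated value names such as 5011ee3b (constructed heuristic)
RANDOM_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)

# Full registry keys behind the hive abbreviations HijackThis prints
HIVE_KEYS = {
    'HKLM': r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU': r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
}

# Constructed sample mirroring the thread's O4 entries plus one benign loader
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VendorHelper] rundll32.exe "C:\Program Files\Vendor\helper.dll",Start
"""

# Constructed: files that "exist" on the simulated disk (rigwejfu.dll is gone)
PRESENT_FILES = {
    r'C:\WINDOWS\System32\taskswitch.exe',
    r'C:\PROGRA~1\Grisoft\AVG7\avgcc.exe',
    r'C:\Program Files\Vendor\helper.dll',
}


def parse_o4(line):
    """Split one O4 line into hive, value name, command and (if any) DLL."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    dll = RUNDLL_RE.search(entry['cmd'])
    entry['dll'] = dll.group('dll') if dll else None
    return entry


def file_present(path, present=None):
    """Check the real filesystem, or the simulated set when one is given."""
    if present is None:
        return os.path.isfile(path)
    return path.lower() in {p.lower() for p in present}


def find_orphans(lines, present=None):
    """Return rundll32 autoruns whose DLL is missing or whose name looks random.

    A Run value still pointing at a deleted DLL is what makes Windows report
    "failed to load rigwejfu.dll" at every logon in the thread.
    """
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if not entry or not entry['dll']:
            continue
        entry['missing'] = not file_present(entry['dll'], present)
        entry['random_name'] = bool(RANDOM_NAME_RE.match(entry['name']))
        if entry['missing'] or entry['random_name']:
            flagged.append(entry)
    return flagged


def cfscript_for(entries):
    """REGEDIT4 fragment deleting each flagged value with the "name"=- syntax.

    Every value line must sit under its [Key] header; a bare "name"=- line
    with no header is ignored, which is the slip guestolo corrects above.
    """
    out = ['REGEDIT4', '']
    for e in entries:
        key = HIVE_KEYS.get(e['hive'])
        if key is None:  # per-user HKUS hives would need the SID-qualified key
            continue
        out += [f'[{key}]', f'"{e["name"]}"=-', '']
    return '\n'.join(out).rstrip('\n') + '\n'


def run_audit(log_text=SAMPLE_LOG, present=PRESENT_FILES):
    """Parse a log, flag orphans and build the matching deletion script."""
    orphans = find_orphans(log_text.splitlines(), present)
    return orphans, cfscript_for(orphans)


if __name__ == '__main__':
    found, script = run_audit()
    for e in found:
        print(f"{e['name']}: {e['dll']} missing={e['missing']} "
              f"random_name={e['random_name']}")
    print(script)
```

On the constructed sample only the 5011ee3b entry is flagged (its DLL is absent and its name is eight hex digits), and the generated fragment is the same two-line [Key] / "5011ee3b"=- pair used in the CFScript above. The VendorHelper loader is left alone because its DLL exists and its name is not machine-looking; anything this flags is a candidate for review, not an automatic deletion.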


Offline natro charlo

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Virus Found
« Reply #8 on: March 19, 2008, 10:41:11 PM »
ComboFix


ComboFix 08-03-18.1 - Administrator 2008-03-19 22:06:47.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\5011fcb5
C:\WINDOWS\System32\hxwyrthl.dll
C:\WINDOWS\system32\lhtrywxh.ini
C:\WINDOWS\System32\rigwejfu.dll
C:\WINDOWS\system32\ufjewgir.ini
C:\WINDOWS\System32\vpcaaewo.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\5011fcb5
C:\WINDOWS\system32\lhtrywxh.ini
C:\WINDOWS\system32\ufjewgir.ini

.
(((((((((((((((((((((((((   Files Created from 2008-02-20 to 2008-03-20  )))))))))))))))))))))))))))))))
.

2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-03-18 22:13 . 2008-03-19 14:07   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-18 22:09 . 2008-03-18 22:12   <DIR>   d--------   C:\Program Files\Yahoo!
2008-03-17 14:54 . 2008-03-17 22:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 14:53 . 2008-03-17 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-03-17 14:42 . 2008-03-17 14:42   <DIR>   d--------   C:\Program Files\Alwil Software
2008-03-17 14:42 . 2003-03-18 15:20   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2008-03-17 14:22 . 2008-03-17 14:22   <DIR>   d--------   C:\WINDOWS\Sun
2008-03-13 13:26 . 2008-03-13 13:26   <DIR>   d--------   C:\Program Files\Hasbro Interactive
2008-03-13 13:26 . 1999-12-09 13:17   755,200   --a------   C:\WINDOWS\system32\Ir50_32.dll
2008-03-13 13:26 . 1999-12-09 13:18   239,616   --a------   C:\WINDOWS\system32\Hdk3ctnt.dll
2008-03-13 13:26 . 1999-12-09 13:17   199,680   --a------   C:\WINDOWS\system32\iac25_32.ax
2008-03-13 13:26 . 2008-03-13 13:27   405   --a------   C:\WINDOWS\PowerReg.dat
2008-03-05 18:49 . 2008-03-05 18:49   <DIR>   d--------   C:\Program Files\Lavasoft
2008-03-05 18:48 . 2008-03-05 18:48   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 22:50 . 2008-03-04 22:53   <DIR>   d--------   C:\Program Files\Google
2008-03-04 22:50 . 2008-03-19 03:57   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-28 22:28 . 2008-02-28 22:28   <DIR>   d--------   C:\Program Files\Mplayer
2008-02-28 22:26 . 2008-02-28 22:26   <DIR>   d--------   C:\Program Files\Quake III Arena
2008-02-28 14:15 . 2008-02-28 22:28   871   --a------   C:\WINDOWS\QIII.INI
2008-02-28 05:38 . 2008-02-28 05:38   0   --a------   C:\WINDOWS\nsreg.dat
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-27 19:33 . 2008-02-27 19:33   <DIR>   d--------   C:\WINDOWS\LogFiles
2008-02-27 19:03 . 2008-02-27 19:03   <DIR>   d--------   C:\Program Files\Common Files\INCA Shared
2008-02-27 19:03 . 2003-07-20 22:17   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-02-27 19:03 . 2005-01-04 13:43   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-02-26 16:41 . 2008-03-05 18:49   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 02:10 . 2008-02-26 02:10   <DIR>   d--------   C:\Documents and Settings\Administrator\WINDOWS
2008-02-26 02:10 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-02-26 01:47 . 2008-02-27 20:41   <DIR>   d--------   C:\Program Files\Diablo II backup
2008-02-25 19:07 . 2008-02-25 19:07   94,208   --a------   C:\WINDOWS\DIIUnin.exe
2008-02-25 19:07 . 2008-02-26 02:01   35,535   --a------   C:\WINDOWS\DIIUnin.dat
2008-02-25 19:07 . 2008-02-25 19:07   2,829   --a------   C:\WINDOWS\DIIUnin.pif
2008-02-25 18:57 . 2008-03-18 18:19   <DIR>   d--------   C:\Program Files\Diablo II
2008-02-25 17:35 . 2008-02-25 17:35   <DIR>   d--------   C:\Program Files\D-Tools
2008-02-25 17:35 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-25 17:35 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-25 16:19 . 2008-02-26 01:50   21,840   --a----t-   C:\WINDOWS\system32\SIntfNT.dll
2008-02-25 16:19 . 2008-02-26 01:50   17,212   --a----t-   C:\WINDOWS\system32\SIntf32.dll
2008-02-25 16:19 . 2008-02-26 01:50   12,067   --a----t-   C:\WINDOWS\system32\SIntf16.dll
2008-02-25 03:50 . 2005-04-15 19:58   1,071,088   --a------   C:\WINDOWS\system32\MSCOMCTL.OCX
2008-02-25 03:50 . 2004-03-09 16:45   662,288   --a------   C:\WINDOWS\system32\MSCOMCT2.OCX
2008-02-25 03:50 . 2004-06-14 14:56   427,864   --a------   C:\WINDOWS\system32\XceedZip.dll
2008-02-25 03:33 . 2008-02-25 03:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-02-25 03:31 . 2008-03-16 15:04   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-02-25 03:31 . 2008-02-25 03:34   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-25 03:29 . 2008-02-25 03:28   505,392   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-02-25 03:28 . 2008-02-25 03:31   <DIR>   d--------   C:\Program Files\CyberLink
2008-02-24 23:37 . 2008-02-24 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-24 23:36 . 2008-02-24 23:37   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-02-24 23:29 . 2008-02-24 23:29   685,816   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\DNA
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\BitTorrent
2008-02-24 23:23 . 2008-03-16 12:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DNA
2008-02-24 23:23 . 2008-03-18 21:30   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-02-24 21:22 . 2008-02-24 21:35   <DIR>   d--------   C:\Program Files\Videos
2008-02-24 21:20 . 2008-02-24 21:20   <DIR>   d--------   C:\Program Files\TweakNow RegCleaner Std
2008-02-24 21:18 . 2008-03-10 17:58   <DIR>   d--------   C:\Program Files\Downloaded Programs
2008-02-24 21:00 . 2008-02-24 21:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Ahead
2008-02-24 19:22 . 2008-02-24 19:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-02-24 19:21 . 2008-02-24 19:21   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Program Files\Winamp
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Winamp
2008-02-24 17:39 . 2008-02-25 19:18   <DIR>   d--------   C:\Program Files\torrents
2008-02-24 16:40 . 2008-03-10 21:46   <DIR>   d--------   C:\Program Files\Incomplete
2008-02-24 16:39 . 2008-03-19 18:37   <DIR>   d--------   C:\Program Files\Media
2008-02-24 16:37 . 2008-03-10 21:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-24 16:31 . 2007-12-14 01:59   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-02-24 16:30 . 2008-02-24 16:31   <DIR>   d--------   C:\Program Files\Java
2008-02-24 16:28 . 2008-02-24 16:28   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-02-24 16:27 . 2008-02-24 18:16   <DIR>   d--------   C:\Program Files\LimeWire
2008-02-24 15:27 . 2008-02-24 15:27   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Aim
2008-02-24 15:25 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Viewpoint
2008-02-24 15:25 . 2008-02-24 15:25   <DIR>   d--------   C:\Program Files\AOD
2008-02-24 15:25 . 2008-02-26 02:27   <DIR>   d--------   C:\Program Files\AIM
2008-02-24 15:25 . 2004-02-25 13:05   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-02-24 15:11 . 2007-07-30 19:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-02-24 15:11 . 2007-07-30 19:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-02-24 15:11 . 2007-07-30 19:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-02-24 15:11 . 2007-07-30 19:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-02-24 15:11 . 2007-07-30 19:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a------   C:\WINDOWS\system32\drivers\ac97intc.sys
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a--c---   C:\WINDOWS\system32\dllcache\ac97intc.sys
2008-02-23 10:19 . 2008-02-23 10:19   <DIR>   d---s----   C:\Documents and Settings\Administrator\UserData
2008-02-22 17:09 . 2008-02-22 17:09   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-02-22 17:02 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Symantec
2008-02-22 17:02 . 2008-03-19 14:41   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-02-22 17:02 . 2008-02-22 17:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-22 17:01 . 2008-03-16 11:43   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-02-22 17:01 . 2008-02-22 17:01   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-02-22 17:01 . 2008-02-22 17:01   <DIR>   d--------   C:\Program Files\Ahead
2008-02-22 16:59 . 2008-03-19 14:45   <DIR>   d--hs----   C:\WINDOWS\Installer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:52   12,464   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-22 16:53   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-02-22 16:52   558,142   ----a-w   C:\WINDOWS\java\Packages\JBP37BB7.ZIP
2008-02-22 16:52   155,995   ----a-w   C:\WINDOWS\java\Packages\MSA8BHJD.ZIP
.

(((((((((((((((((((((((((((((   snapshot@2008-03-19_15.02.54.70   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-24 20:05:37   39,992   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-03-19 20:02:09   39,992   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-02-24 20:05:37   311,604   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-03-19 20:02:09   311,604   ----a-w   C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 12:30 45632]
"5011ee3b"="C:\WINDOWS\System32\rigwejfu.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 15:27 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 14:53 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-16 19:20 91432 C:\Program Files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-12 20:13 287040 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-02-28 12:12 144896 C:\Program Files\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 09:35 72736 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 22:09:09
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-03-19 22:09:57
ComboFix-quarantined-files.txt  2008-03-20 03:09:42
ComboFix2.txt  2008-03-19 20:03:13

Offline natro charlo

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Virus Found
« Reply #9 on: March 20, 2008, 12:39:38 AM »
BitDefender Online Scanner

Scan report generated at: Thu, Mar 20, 2008 - 01:52:01

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 03:32:14
Files: 238111
Folders: 2822
Boot Sectors: 2
Archives: 908
Packed Files: 3321

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 1016846
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
 
C:\QooBox\Quarantine\C\WINDOWS\system32\urqqrsq.dll.vir
 Infected with: Trojan.Vundo.ECP
 
C:\QooBox\Quarantine\C\WINDOWS\system32\urqqrsq.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\urqqrsq.dll.vir
 Deleted
 
C:\WINDOWS\system32\sfman32.dll
 Clean
 
C:\WINDOWS\system32\sfmapi.dll
 Clean
 
C:\WINDOWS\system32\shadow.exe
 Clean
 
C:\WINDOWS\system32\share.exe
 Clean
 
C:\WINDOWS\system32\shdoclc.dll
 Clean
 
C:\WINDOWS\system32\shdocvw.dll
 Clean
 
C:\WINDOWS\system32\shell.dll
 Clean
 
C:\WINDOWS\system32\shell32.dll
 Clean
 
C:\WINDOWS\system32\ShellExt\
 Clean
 
C:\WINDOWS\system32\shellstyle.dll
 Clean
 
C:\WINDOWS\system32\shfolder.dll
 Clean
 
C:\WINDOWS\system32\shgina.dll
 Clean
 
C:\WINDOWS\system32\shiftjis.uce
 Clean
 
C:\WINDOWS\system32\shimeng.dll
 Clean
 
C:\WINDOWS\system32\shimgvw.dll
 Clean
 
C:\WINDOWS\system32\shlwapi.dll
 Clean
 
C:\WINDOWS\system32\shmedia.dll
 Clean
 
C:\WINDOWS\system32\shmgrate.exe
 Clean
 
C:\WINDOWS\system32\shrpubw.exe
 Clean
 
C:\WINDOWS\system32\shscrap.dll
 Clean
 
C:\WINDOWS\system32\shsvcs.dll
 Clean
 
C:\WINDOWS\system32\shutdown.exe
 Clean
 
C:\WINDOWS\system32\sigtab.dll
 Clean
 
C:\WINDOWS\system32\sigverif.exe
 Clean
 
C:\WINDOWS\system32\simpdata.tlb
 Clean
 
C:\WINDOWS\system32\SIntf16.dll
 Clean
 
C:\WINDOWS\system32\SIntf32.dll
 Clean
 
C:\WINDOWS\system32\SIntfNT.dll
 Clean
 
C:\WINDOWS\system32\sisbkup.dll
 Clean
 
C:\WINDOWS\system32\skdll.dll
 Clean
 
C:\WINDOWS\system32\skeys.exe
 Clean
 
C:\WINDOWS\system32\slayerxp.dll
 Clean
 
C:\WINDOWS\system32\slbcsp.dll
 Clean
 
C:\WINDOWS\system32\slbiop.dll
 Clean
 
C:\WINDOWS\system32\slbrccsp.dll
 Clean
 
C:\WINDOWS\system32\sl_anet.acm
 Clean
 
C:\WINDOWS\system32\smlogcfg.dll
 Clean
 
C:\WINDOWS\system32\smlogsvc.exe
 Clean
 
C:\WINDOWS\system32\smss.exe
 Clean
 
C:\WINDOWS\system32\sndrec32.exe
 Clean
 
C:\WINDOWS\system32\sndvol32.exe
 Clean
 
C:\WINDOWS\system32\snmpapi.dll
 Clean
 
C:\WINDOWS\system32\snmpsnap.dll
 Clean
 
C:\WINDOWS\system32\softpub.dll
 Clean
 
C:\WINDOWS\system32\sol.exe
 Clean
 
C:\WINDOWS\system32\sort.exe
 Clean
 
C:\WINDOWS\system32\sortkey.nls
 Clean
 
C:\WINDOWS\system32\sorttbls.nls
 Clean
 
C:\WINDOWS\system32\sound.drv
 Clean
 
C:\WINDOWS\system32\spider.exe
 Clean
 
C:\WINDOWS\system32\spiisupd.exe
 Clean
 
C:\WINDOWS\system32\spnike.dll
 Clean
 
C:\WINDOWS\system32\spool\
 Clean
 
C:\WINDOWS\system32\spool\drivers\
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\is330.icm
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPV600AL.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ200.HLP
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI=>(unicode)
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ697.BUD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ697.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ69X.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ6XX.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVIMG50.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVNAM50.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUD50.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUI50.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\STDNAMES.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.HLP
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
 Clean
 
C:\WINDOWS\system32\spool\PRINTERS\
 Clean
 
C:\WINDOWS\system32\spool\prtprocs\
 Clean
 
C:\WINDOWS\system32\spool\prtprocs\w32x86\
 Clean
 
C:\WINDOWS\system32\spoolss.dll
 Clean
 
C:\WINDOWS\system32\spoolsv.exe
 Clean
 
C:\WINDOWS\system32\sprestrt.exe
 Clean
 
C:\WINDOWS\system32\sprio600.dll
 Clean
 
C:\WINDOWS\system32\sprio800.dll
 Clean
 
C:\WINDOWS\system32\spxcoins.dll
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/#SYSTEM
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Ex.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Print.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/shared.js
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 1)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 3)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/caution.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coC.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coCb.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coE.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coEb.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/elle.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/important.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/note.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_c.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/spacer.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/tip.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/warning.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd_.gif
 Clean
 
C:\WINDOWS\system32\sqlsrv32.dll
 Clean
 
C:\WINDOWS\system32\sqlsrv32.rll
 Clean
 
C:\WINDOWS\system32\sqlunirl.dll
 Clean
 
C:\WINDOWS\system32\sqlwid.dll
 Clean
 
C:\WINDOWS\system32\sqlwoa.dll
 Clean
 
C:\WINDOWS\system32\srclient.dll
 Clean
 
C:\WINDOWS\system32\srrstr.dll
 Clean
 
C:\WINDOWS\system32\srsvc.dll
 Clean
 
C:\WINDOWS\system32\srvsvc.dll
 Clean
 
C:\WINDOWS\system32\ss3dfo.scr
 Clean
 
C:\WINDOWS\system32\ssbezier.scr
 Clean
 
C:\WINDOWS\system32\ssdpapi.dll
 Clean
 
C:\WINDOWS\system32\ssdpsrv.dll
 Clean
 
C:\WINDOWS\system32\ssflwbox.scr
 Clean
 
C:\WINDOWS\system32\ssmarque.scr
 Clean
 
C:\WINDOWS\system32\ssmypics.scr
 Clean
 
C:\WINDOWS\system32\ssmyst.scr
 Clean
 
C:\WINDOWS\system32\sspipes.scr
 Clean
 
C:\WINDOWS\system32\ssstars.scr
 Clean
 
C:\WINDOWS\system32\sstext3d.scr
 Clean
 
C:\WINDOWS\system32\stclient.dll
 Clean
 
C:\WINDOWS\system32\STDOLE.TLB
 Clean
 
C:\WINDOWS\system32\stdole2.tlb
 Clean
 
C:\WINDOWS\system32\stdole32.tlb
 Clean
 
C:\WINDOWS\system32\sti.dll
 Clean
 
C:\WINDOWS\system32\stimon.exe
 Clean
 
C:\WINDOWS\system32\sti_ci.dll
 Clean
 
C:\WINDOWS\system32\stobject.dll
 Clean
 
C:\WINDOWS\system32\storage.dll
 Clean
 
C:\WINDOWS\system32\storprop.dll
 Clean
 
C:\WINDOWS\system32\streamci.dll
 Clean
 
C:\WINDOWS\system32\strmdll.dll
 Clean
 
C:\WINDOWS\system32\subrange.uce
 Clean
 
C:\WINDOWS\system32\subst.exe
 Clean
 
C:\WINDOWS\system32\svchost.exe
 Clean
 
C:\WINDOWS\system32\svcpack.dll
 Clean
 
C:\WINDOWS\system32\swprv.dll
 Clean
 
C:\WINDOWS\system32\swreg.exe
 Clean
 
C:\WINDOWS\system32\swsc.exe
 Clean
 
C:\WINDOWS\system32\swxcacls.exe
 Clean
 
C:\WINDOWS\system32\sxs.dll
 Clean
 
C:\WINDOWS\system32\syncapp.exe
 Clean
 
C:\WINDOWS\system32\synceng.dll
 Clean
 
C:\WINDOWS\system32\syncui.dll
 Clean
 
C:\WINDOWS\system32\sysdm.cpl
 Clean
 
C:\WINDOWS\system32\sysedit.exe
 Clean
 
C:\WINDOWS\system32\sysinv.dll
 Clean
 
C:\WINDOWS\system32\syskey.exe
 Clean
 
C:\WINDOWS\system32\sysmon.ocx
 Clean
 
C:\WINDOWS\system32\sysocmgr.exe
 Clean
 
C:\WINDOWS\system32\sysprint.sep
 Clean
 
C:\WINDOWS\system32\sysprtj.sep
 Clean
 
C:\WINDOWS\system32\syssetup.dll
 Clean
 
C:\WINDOWS\system32\system.drv
 Clean
 
C:\WINDOWS\system32\systeminfo.exe
 Clean
 
C:\WINDOWS\system32\systray.exe
 Clean
 
C:\WINDOWS\system32\t2embed.dll
 Clean
 
C:\WINDOWS\system32\tapi.dll
 Clean
 
C:\WINDOWS\system32\tapi3.dll
 Clean
 
C:\WINDOWS\system32\tapi32.dll
 Clean
 
C:\WINDOWS\system32\tapiperf.dll
 Clean
 
C:\WINDOWS\system32\tapisrv.dll
 Clean
 
C:\WINDOWS\system32\tapiui.dll
 Clean
 
C:\WINDOWS\system32\taskkill.exe
 Clean
 
C:\WINDOWS\system32\tasklist.exe
 Clean
 
C:\WINDOWS\system32\taskman.exe
 Clean
 
C:\WINDOWS\system32\taskmgr.exe
 Clean
 
C:\WINDOWS\system32\TaskSwitch.exe
 Clean
 
C:\WINDOWS\system32\tcmsetup.exe
 Clean
 
C:\WINDOWS\system32\tcpmib.dll
 Clean
 
C:\WINDOWS\system32\tcpmon.dll
 Clean
 
C:\WINDOWS\system32\tcpmon.ini
 Clean


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55, on 3/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4568 bytes

Offline guestolo

Virus Found
« Reply #10 on: March 20, 2008, 07:02:58 AM »
Ensure you have reenabled AVG AntiVirus protections
You can go ahead and uninstall BitDefender online scan
In Internet Explorer click on TOOLS>>select "Uninstall BitDefender Online Scanner"

Afterwards:
Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b


After you have ticked the above entries, close all other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer
Back in Windows

Post one last fresh hijackthis log and let me know how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline natro charlo

Virus Found
« Reply #11 on: March 20, 2008, 12:20:13 PM »
It is running a lot, lot, lot better now, thanks a lot... no more error windows when I boot up, no more pop-ups and no more flash screens in my internet browser... do you think I should defragment it now after moving and deleting a bunch of stuff? Or is that not effective...

here is the log




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33, on 3/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 3421 bytes
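As an added example that is not code from the thread or from HijackThis, here is a small Python script that parses the O4 autostart lines from the two logs posted above, reports which entries disappeared after FIX CHECKED, and flags the kind of entry guestolo picked out: a bare hex value name that launches a DLL through rundll32 with a one-letter export. The flagging heuristics and the function names are assumptions, not anything HijackThis itself does.

```python
"""Compare O4 (autostart) entries of two HijackThis logs and flag odd ones.
Added example, not HijackThis code or the thread's own; the log excerpts are
the thread's, the flagging heuristics are assumptions."""
import re

# Excerpted from the first log posted in the thread (before the fix).
BEFORE = r"""
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""
# Excerpted from the log posted after FIX CHECKED and the reboot.
AFTER = r"""
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
HEX_NAME = re.compile(r'^[0-9a-f]{8,}$', re.I)
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S*)', re.I)

def parse_o4(log):
    """Map (hive, value name) -> command for every O4 line in a HijackThis log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m.group('hive'), m.group('name'))] = m.group('cmd')
    return entries

def suspicious(name, cmd):
    """Assumed heuristics: a random-looking hex value name, or rundll32 calling a
    DLL through a one- or two-letter export (legitimate DLLs export real names)."""
    reasons = []
    if HEX_NAME.match(name):
        reasons.append('value name is a bare hex string')
    m = RUNDLL.search(cmd)
    if m and len(m.group('entry')) <= 2:
        reasons.append(f"rundll32 loads {m.group('dll')} via export '{m.group('entry')}'")
    return reasons

def compare(before, after):
    """Return (removed, added, flagged): autostarts gone after the fix, new ones,
    and the before-entries the heuristics flag, each keyed by (hive, name)."""
    b, a = parse_o4(before), parse_o4(after)
    removed = {k: v for k, v in b.items() if k not in a}
    added = {k: v for k, v in a.items() if k not in b}
    flagged = {k: suspicious(k[1], v) for k, v in b.items() if suspicious(k[1], v)}
    return removed, added, flagged
```

Run `compare(BEFORE, AFTER)` and the only removed entry is the flagged `5011ee3b` autostart, which is exactly the line guestolo had ticked; a flagged entry that is still present after the reboot would be the cue that the fix did not hold.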

Offline natro charlo

Virus Found
« Reply #12 on: March 20, 2008, 01:51:10 PM »
Also, ComboFix changed the time on my computer and I'm not sure how to correct it.. it is in military time.

Offline guestolo

Virus Found
« Reply #13 on: March 21, 2008, 01:34:02 PM »
Quote from: natro charlo on Mar 20 2008, 11:51 AM
also combofix changed my time on my computer and im not sure how to correct it..it is in military time.

That should have changed back to normal after reboot
Can you do the following
Go to START>>Control Panel>>In Classic View select
"Regional and Language Options>>
Select "Customize">>
TIME tab


Try h:mm:ss tt beside Time format and apply it

Let's clean some tools that we used
Go to START>>RUN>>Copy then paste the next command below in bold
Then hit OK

ComboFix /u

This will uninstall ComboFix and its components


Download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop


Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name, e.g. natro, and click Create
Windows will prompt when it was created successfully

When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"


Take a look at miekiemoes' site with other ideas on How to prevent Malware:

I hope that helps :)
« Last Edit: March 21, 2008, 01:36:27 PM by guestolo »



Offline guestolo

Virus Found
« Reply #14 on: April 26, 2008, 05:08:34 PM »
Since your issues appear resolved, I'll lock this topic
